Wanted: Bank Robber, Gun Not Required

Wanted: Bank Robber, Gun Not Required

If you remember the old saying that something vital was as safe as “money in the bank” you’ll want to update your assumptions.

As we reported earlier this year, in February hackers gamed the international intra-bank transfer system known as SWIFT for a cool $101 million. Pretending to be Bangladesh’s Central Bank, the thieves conned the U.S. Federal Reserve into sending money to a string of casinos in the Philippines.

Setting aside the question of whether someone should have found it odd that a central bank was wiring money directly to foreign casinos, it’s still not clear how the bandits made off with their haul. As of this writing, with all the international resources of the FBI on the job, only $20 million has been recovered. That means there are hackers on a yacht somewhere soaking up the sun and living large on $81 million funneled right out of the international banking system. The scariest part? The only thing that stood between the criminals and their initial goal of getting away with more than one billion was someone finally noticing a simple typo in one of the transfer requests.

Get Your FREE eBook!

The fact that the bogus transactions haven’t been traced yet, despite virtually the entire banking world looking for them, says as much about the security of our financial systems as it does about the skill of the hackers. If our central banks, which one would think would be the most secure institutions on the planet, are this vulnerable, what does that say about the rest of our banking systems? How many losses have gone unsolved, undisclosed or undiscovered one can only guess.

An Inside-Out Job

The FBI is claiming the bad guys had inside help, which is the go-to conclusion when investigators can’t figure out how thieves pulled off a heist. Why they picked the Bangladesh Central Bank (BCB) is less of a mystery. Turns out security was laughably lax at the bank, which had no firewall and was using a ten dollar network setup at the time it was compromised.

In its defense, the SWIFT software and system is incredibly hard to hack into—from the outside. But once the thieves had direct access to it, having gotten through the BCB’s non-existent network security, they were able to hack into SWIFT from within the Bangladesh bank’s system and even use malware to send authenticated settlement notices. When confirmations were received from a server in Egypt, the malware even covered its tracks, deleting both the confirmation and transaction records.

Shady Partners

It’s also somewhat less than a mystery why the hackers decided to send the money to the Philippines. The funds transfers were sent to the Rizal Commercial Banking Corp. held by two Chinese nationals who organize gambling junkets to Macau and the Philippines. The money was then transferred to a string of casinos and from there to a series of international bank accounts. Philippine casinos are exempt from money laundering regulations and were under no obligation to report the suspicious transactions. Two officers at Rizal are facing charges when one of them got caught taking $427,000 out of one of the thieves’ transfer accounts.

The Real Forehead-slapper

Now we get word that, just last week, yet another bank, this time in Vietnam, was discovered to be infected with the same malware used in the Bangladesh attack. This time no one’s saying how the intrusion was discovered, or how much money the thieves stole; a silence that implies the haul was probably substantial. Why the SWIFT system hadn’t been patched against the known threat of the very malware used in the previous attack is another mystery. None of those questions are particularly flattering for the international banking system, or reassuring to bank customers.

And the Next Weak Link?

SWIFT is based in Brussels and is a bank-owned cooperative. The finger-pointing started within days, with authorities in Bangladesh accusing the SWIFT system of failing to patch known software vulnerabilities, and SWIFT retorting that the issue was lax security on the part of the bank. SWIFT maintains it was simply processing properly formatted settlement instructions.

What we know for certain is that SWIFT system security was only as strong as its weakest link. We know that $81 million is still missing and the fact that it has been missing this long lowers the likelihood it will ever be found.

The far bigger story here is that the safeguards underlying the world’s banking systems are clearly vulnerable to a well-crafted attack. It’s doubtful thieves are going to confine their ambitions to Bangladesh and Vietnam; it seems more likely that your bank, and mine, are in some criminal’s sights at this very moment, our brokerages as well. Any widely known store of digital, hackable wealth is vulnerable. The question becomes, do you protect yourself now, or wait until a catastrophic theft occurs? Or, to be more precise, until you’re finally notified a theft has occurred? Or do you take a portion of your wealth off the table, and put it in a physical asset no thief can hack.

Based in Woodland Hills, California, Goldco Precious Metals was founded by Trevor Gerszt in 2006. He wanted to help clients looking to add precious metals to their IRAs.

Precious metals are widely acknowledged by investors as a hedge against runaway government spending and excessive money printing by the Federal Reserve. For years, the experts at Goldco Precious Metals have helped investors take advantage their ability to hold gold and other precious metals in their retirement accounts, in strict compliance with IRS code. Exchanging stocks and bonds for physical precious metals like gold and silver is easy with Goldco's IRA experts guiding you.... View More

There is no assurance that commodities, i.e. precious metals, will achieve their objectives. Return and principal value will fluctuate and your portfolio, when redeemed, may be worth more or less than the original cost. No statement, presentation, article, or any other communication available in this material is to be construed as a recommendation to purchase or sell a security or service, or to provide investment, legal, accounting or tax advice. Client should carefully read sales literature prospectuses, and/or other offering documents, when available, before making purchases. They should carefully consider all risks and/or considerations contained in the documents. Clients should understand that all purchases have some degree of risk. If seeking advice, clients are responsible for providing accurate information about their financial status, goals, and risk tolerance to ensure that appropriate recommendations are provided. Client should promptly notify their Account Executive whenever there are significant changes to their portfolio objectives, risk tolerance, income, net worth or liquidity needs. Client should make certain that they understand the correlation between risk and return. Clients should consult an attorney or tax advisor for specific tax or legal advice. Commodities involve risk and are not suitable for all investors.